util: do not use stack frame for parsing arbitrary inputs
This replaces strndupa() by strndup() in socket_address_parse(), as input string may be too long. Fixes issue 10007 by ClusterFuzz-External: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10007
This commit is contained in:
parent
52e4d62550
commit
8d30fcb9b5
|
@ -50,7 +50,8 @@ static const char* const socket_address_type_table[] = {
|
|||
DEFINE_STRING_TABLE_LOOKUP(socket_address_type, int);
|
||||
|
||||
int socket_address_parse(SocketAddress *a, const char *s) {
|
||||
char *e, *n;
|
||||
_cleanup_free_ char *n = NULL;
|
||||
char *e;
|
||||
int r;
|
||||
|
||||
assert(a);
|
||||
|
@ -68,7 +69,9 @@ int socket_address_parse(SocketAddress *a, const char *s) {
|
|||
if (!e)
|
||||
return -EINVAL;
|
||||
|
||||
n = strndupa(s+1, e-s-1);
|
||||
n = strndup(s+1, e-s-1);
|
||||
if (!n)
|
||||
return -ENOMEM;
|
||||
|
||||
errno = 0;
|
||||
if (inet_pton(AF_INET6, n, &a->sockaddr.in6.sin6_addr) <= 0)
|
||||
|
@ -125,7 +128,10 @@ int socket_address_parse(SocketAddress *a, const char *s) {
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
n = strndupa(cid_start, e - cid_start);
|
||||
n = strndup(cid_start, e - cid_start);
|
||||
if (!n)
|
||||
return -ENOMEM;
|
||||
|
||||
if (!isempty(n)) {
|
||||
r = safe_atou(n, &a->sockaddr.vm.svm_cid);
|
||||
if (r < 0)
|
||||
|
@ -146,7 +152,9 @@ int socket_address_parse(SocketAddress *a, const char *s) {
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
n = strndupa(s, e-s);
|
||||
n = strndup(s, e-s);
|
||||
if (!n)
|
||||
return -ENOMEM;
|
||||
|
||||
/* IPv4 in w.x.y.z:p notation? */
|
||||
r = inet_pton(AF_INET, n, &a->sockaddr.in.sin_addr);
|
||||
|
|
Loading…
Reference in a new issue